From f4c9ac19cfb47a1c5c35af92f0c2de3441f5f591 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 15 Apr 2019 09:28:19 +0200 Subject: [PATCH] Override Django Contrib Auth templates This overrides the Django Contrib Auth templates to integrate them better with the user site. More precisely, the breadcrumb now redirects to the index page rather than to the Django Contrib Admin index page. *It also fixes a security vulnerability in Re2o.* Without this patch, users are able to request a new password AND the existing login name. So with access to someone's mail alone, it would be possible to hack into his account. And yes, Re2o implements another password system. But this one is not disabled (see for yourself: https://intranet.crans.org/password_reset/). This is also part of the Aube patch-set for Re2o, and one of Aube's goals is to drop the custom admin password reset system and use the Django Contrib Auth one. --- templates/registration/password_change_done.html | 13 +++++++++++++ templates/registration/password_change_form.html | 13 +++++++++++++ templates/registration/password_reset_complete.html | 13 +++++++++++++ templates/registration/password_reset_confirm.html | 13 +++++++++++++ templates/registration/password_reset_done.html | 13 +++++++++++++ templates/registration/password_reset_email.html | 13 +++++++++++++ templates/registration/password_reset_form.html | 13 +++++++++++++ 7 files changed, 91 insertions(+) create mode 100644 templates/registration/password_change_done.html create mode 100644 templates/registration/password_change_form.html create mode 100644 templates/registration/password_reset_complete.html create mode 100644 templates/registration/password_reset_confirm.html create mode 100644 templates/registration/password_reset_done.html create mode 100644 templates/registration/password_reset_email.html create mode 100644 templates/registration/password_reset_form.html
diff --git a/templates/registration/password_change_done.html b/templates/registration/password_change_done.html
new file mode 100644
index 00000000..0e514b53
--- /dev/null
+++ b/templates/registration/password_change_done.html
@@ -0,0 +1,13 @@
+{% extends "registration/password_change_done.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-2.0-or-later
+
+Copyright © 2019 Alexandre Iooss
+{% endcomment %}
+{% load i18n %}
+
+{% block breadcrumbs %}
+
+{% endblock %}
diff --git a/templates/registration/password_change_form.html b/templates/registration/password_change_form.html
new file mode 100644
index 00000000..5524bfa0
--- /dev/null
+++ b/templates/registration/password_change_form.html
@@ -0,0 +1,13 @@
+{% extends "registration/password_change_form.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-2.0-or-later
+
+Copyright © 2019 Alexandre Iooss
+{% endcomment %}
+{% load i18n %}
+
+{% block breadcrumbs %}
+
+{% endblock %}
diff --git a/templates/registration/password_reset_complete.html b/templates/registration/password_reset_complete.html
new file mode 100644
index 00000000..506c0981
--- /dev/null
+++ b/templates/registration/password_reset_complete.html
@@ -0,0 +1,13 @@
+{% extends "registration/password_reset_complete.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-2.0-or-later
+
+Copyright © 2019 Alexandre Iooss
+{% endcomment %}
+{% load i18n %}
+
+{% block breadcrumbs %}
+
+{% endblock %}
diff --git a/templates/registration/password_reset_confirm.html b/templates/registration/password_reset_confirm.html
new file mode 100644
index 00000000..de710a83
--- /dev/null
+++ b/templates/registration/password_reset_confirm.html
@@ -0,0 +1,13 @@
+{% extends "registration/password_reset_confirm.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-2.0-or-later
+
+Copyright © 2019 Alexandre Iooss
+{% endcomment %}
+{% load i18n %}
+
+{% block breadcrumbs %}
+
+{% endblock %}
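Review bot: `{% extends "registration/password_change_done.html" %}` names the template's own path, and nothing in the file says this is deliberate; the same applies to password_change_form, password_reset_complete, password_reset_confirm, password_reset_done and password_reset_form. The override only resolves to the next template of that name with Django's recursive-extends support (1.9 and later) and when this templates directory is searched before the one that ships the base template, so a change in loader order would quietly bring back the stock pages. I would say so in the existing comment block, e.g. `Extends the Django-provided template of the same name; this directory must come first in the template search path.` The content of the `breadcrumbs` block is not visible in this rendering of the hunk (the header announces 13 lines), so the link target itself could not be checked.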
diff --git a/templates/registration/password_reset_done.html b/templates/registration/password_reset_done.html
new file mode 100644
index 00000000..5e008001
--- /dev/null
+++ b/templates/registration/password_reset_done.html
@@ -0,0 +1,13 @@
+{% extends "registration/password_reset_done.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-2.0-or-later
+
+Copyright © 2019 Alexandre Iooss
+{% endcomment %}
+{% load i18n %}
+
+{% block breadcrumbs %}
+
+{% endblock %}
diff --git a/templates/registration/password_reset_email.html b/templates/registration/password_reset_email.html
new file mode 100644
index 00000000..f43d80c3
--- /dev/null
+++ b/templates/registration/password_reset_email.html
@@ -0,0 +1,13 @@
+{% load i18n %}{% autoescape off %}
+{% blocktrans %}You're receiving this email because you requested a password reset for your user account at {{ site_name }}.{% endblocktrans %}
+
+{% trans "Please go to the following page and choose a new password:" %}
+{% block reset_link %}
+{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}
+{% endblock %}
+
+{% trans "Thanks for using our site!" %}
+
+{% blocktrans %}The {{ site_name }} team{% endblocktrans %}
+
+{% endautoescape %}
diff --git a/templates/registration/password_reset_form.html b/templates/registration/password_reset_form.html
new file mode 100644
index 00000000..26c1e282
--- /dev/null
+++ b/templates/registration/password_reset_form.html
@@ -0,0 +1,13 @@
+{% extends "registration/password_reset_form.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-2.0-or-later
+
+Copyright © 2019 Alexandre Iooss
+{% endcomment %}
+{% load i18n %}
+
+{% block breadcrumbs %}
+
+{% endblock %}
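Review bot: In password_reset_email.html the reset link is built from `{{ protocol }}://{{ domain }}`, and the patch does not show where `domain` comes from. With Django's stock password-reset form and no sites framework it is derived from the request's Host header, so the e-mailed link is only trustworthy if `ALLOWED_HOSTS` lists just the real hostnames; that is worth confirming in the settings before this flow becomes the only reset path. The template also gives no hint that the username line appears to be left out on purpose, which is the fix the commit message describes. A short `{% comment %}Username deliberately omitted: the reset e-mail must not disclose the login name.{% endcomment %}` on the first line would keep a later sync with the upstream template from re-adding it.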